[Openswan Users] Openswan + L2TP
Norman Rasmussen
normanr at gmail.com
Sat Aug 13 14:52:54 CEST 2005
name = LinuxVPNserver
# must match the second field in /etc/ppp/chap-secrets entries
* markin "teste" 192.168.99.130
markin * "teste" 192.168.99.130
LinuxVPNserver != markin
Either change LinuxVPNserver to markin, or markin to LinuxVPNserver.
Or did you maybe mean:
markin LinuxVPNserver "teste" 192.168.99.130 ?
The layout of the network doesn't affect auth.
On 13/08/05, Marcos Ferreira da Silva <marcosfs at centershop.com.br> wrote:
> On Sat, 2005-08-13 at 00:20 +0200, Norman Rasmussen wrote:
> > FYI: in /etc/ppp/options.l2tpdipcp-accept-local you might want to add 'name'
> >
> > this is what my debian system has:
> >
> > # Name of the local system for authentication purposes
> > # (must match the second field in /etc/ppp/chap-secrets entries)
> > name l2tpd
> >
>
> my l2tpd.conf:
> [global]
> ;listen-addr = 192.168.99.1
>
> [lns default]
> ip range = 192.168.99.128-192.168.99.254
> local ip = 192.168.99.2
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = LinuxVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
>
> my chap-secrets:
> # Test user
> * markin "teste" 192.168.99.130
> markin * "teste" 192.168.99.130
>
> my options.l2tpd:
> ms-dns 192.168.99.1
> ms-wins 192.168.99.1
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> connect-delay 5000
> silent
> logfile /var/log/l2tpd.log
>
> If I put noauth, the client gets the IP 192.168.99.130 and I connect
> perfectly. But if I put auth the error is:
>
> /usr/sbin/pppd: The remote system is required to authenticate itself
> /usr/sbin/pppd: but I couldn't find any suitable secret (password) for
> it to use to do so.
> /usr/sbin/pppd: (None of the available passwords would let it use an IP
> address.)
>
>
> > On 13/08/05, Norman Rasmussen <normanr at gmail.com> wrote:
> > > > Cliente: 192.168.1.2
> > > > Server: 192.168.1.1
> > > > Network: 192.168.99.0/24
> > >
> > > um, I assume the server has another network card with an ip in the
> > > network range?
> > >
> > > more like (THIS IS AN EXAMPLE)
> > > Server:
> > > eth0: 192.168.1.1 (network 192.168.1.0/24)
> > > eth1: 192.168.99.1 (network 192.168.99.0/24)
> > >
> > > I guess you could do it via aliasing too (i.e. eth0 and eth0:1)
> > >
> > > --
> > > - Norman Rasmussen
> > > - Email: norman at rasmussen.co.za
> > > - Home page: http://norman.rasmussen.co.za/
> > >
>
> My Network
> Server:
> ppp0 (eth0): Internet
> eth1 = 192.168.99.1 (192.168.99.0/24)
> eth1:0 = 192.168.99.2 (192.168.99.0/24)
> eth2 = 192.168.1.1 (192.168.1.0/24)
>
> client --- (eth2) Server (eth1) --- network
>
> My system is fedora core 4, openswan without klips, and I put the l2tpd
> to listen on all interfaces. But in this case the client can connect
> directly to l2tpd without passing via IPSec. Should I compile the openswan
> with klips (fedora 4) to resolve this problem and put the l2tpd on the
> internal interface?
>
> Has someone compiled the openswan-klips on fedora 4?
>
> Marcos
>
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
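
An added example, not part of the original messages: a small checker for the chap-secrets field matching discussed in this thread. It assumes the rule documented in pppd(8) (a name field matches if it is equal or `*`, and the entry with the fewest wildcards is preferred), takes the server name to be whatever pppd uses as its local name, and runs on constructed input built from the entries quoted above; `parse_secrets` and `match` are hypothetical helper names.

```python
import shlex

# Constructed sample: the two entries from the thread plus the suggested one.
SAMPLE = '''\
# Test user
* markin "teste" 192.168.99.130
markin * "teste" 192.168.99.130
markin LinuxVPNserver "teste" 192.168.99.130
'''

def parse_secrets(text):
    """Return (lineno, client, server, secret, addrs) for each entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex handles the quoted secret and drops '#' comments.
        words = shlex.split(line, comments=True)
        if len(words) >= 3:
            entries.append((lineno, words[0], words[1], words[2], words[3:]))
    return entries

def match(entries, client, server):
    """Entries usable when `server` (the local name) authenticates `client`.

    Returns (wildcard_count, lineno, addrs) tuples, best match first.
    A wildcard in either name field widens who the secret is valid for,
    so entries with a non-zero count deserve a second look.
    """
    hits = []
    for lineno, c, s, _secret, addrs in entries:
        if c in (client, "*") and s in (server, "*"):
            wildcards = (c == "*") + (s == "*")
            hits.append((wildcards, lineno, addrs))
    return sorted(hits)

if __name__ == "__main__":
    entries = parse_secrets(SAMPLE)
    for local_name in ("LinuxVPNserver", "markin"):
        print(f"local name {local_name!r}, peer 'markin':")
        for wildcards, lineno, addrs in match(entries, "markin", local_name):
            kind = "exact" if wildcards == 0 else f"{wildcards} wildcard(s)"
            print(f"  line {lineno}: {kind}, allowed addresses {addrs}")
```
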